CVE-2021-3129 PoC — Facade Ignition for Laravel Authorization Issue Vulnerability

Source
Associated Vulnerability
Title: Facade Ignition for Laravel Authorization Issue Vulnerability (CVE-2021-3129)
Description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Description
CVE-2021-3129 | Laravel Debug Mode Vulnerability
Readme

# CVE-2021-3129
Mass Scan Tools For Laravel <= V8.4.2 Debug Mode Remote Code Execution (RCE) | Python

## Reference

 - [Ambionics.io](https://www.ambionics.io/blog/laravel-debug-rce)
 - [PHPGGC](https://github.com/ambionics/phpggc.git)




## Chain PHPGGC

- Laravel/RCE1
- Laravel/RCE2
- Laravel/RCE3
- Laravel/RCE4
- Laravel/RCE5
- Laravel/RCE6
- Laravel/RCE7
- Monolog/RCE1
- Monolog/RCE2
- Monolog/RCE3
- Monolog/RCE4


## Environment Variables

To run this project, set the following variables.

Request With Verify SSL :

`confVerify = True or False`

Write Log : 

`confDebug = True or False`
